Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

NIS2: A New Cyber Jurisdiction Paradigm

The approval on 13 May by the European Council and Parliament of a near-final draft Directive on European Cybersecurity (NIS2) brings the world's most far-reaching cyber regime closer to realization. What is generally unknown, however, is the broad scope and global extraterritorial jurisdiction reach of the Directive. It applies to almost every online service and network capability that exists as infrastructure or "offered" anywhere in Europe. more

The World of the Subdomain

A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more

How the Verified Mark Certificate (VMC) Makes the Mailbox Safer

Nowadays, with increasing digitalization and internet usage, email is a central communication tool. This holds true even despite the high popularity of instant messaging apps and social media. Email remains the favorite means of business communication worldwide, both in B2B and B2C. In 2019, 293.6 billion emails were sent and received. By 2025, this number will grow even more. It is predicted that we will send and receive 376.4 billion emails per day. In this scenario, implementing security features for email communications has become absolutely essential. more

Remembering the Cybersecurity Treaty That Never Happened

The cybercrime legal community from around the globe is meeting under the aegis of the Council of Europe (COE) to hold the annual Cooperation against Cybercrime conference dubbed Octopus 2021. It is also celebrating the 20th anniversary of the Cybercrime Convention treaty signed in November 2001 in Budapest. Not celebrated and little known, however, is the Stanford Draft -- A Proposal for an International Convention on Cyber Crime and Terrorism -- and the initiative begun in 1997 which brought about that draft treaty instrument. more

DNS Abuse Definition: Attributes of Mitigation

A substantial amount of DNS community discussion on the topic of DNS Abuse is focused on defining what is or is not DNS Abuse. The definition adopted by ICANN contracted parties, as well as the DNS Abuse Institute, is straightforward: DNS Abuse is malware, botnets, pharming, phishing, and spam where it's a vehicle for the preceding harms. There is, of course, some fuzziness on the margins, where technical harms are also using content. more

The Importance of Understanding Attacker Target Selection

There's a bit of a debate going on about whether the Kaseya attack exploited a 0-day vulnerability. While that's an interesting question when discussing, say, patch management strategies, I think it's less important to understand attackers' thinking than understand their target selection. In a nutshell, the attackers have outmaneuvered defenders for almost 30 years when it comes to target selection. more

Phishing Scams: How to Spot Them and Stop Them

Phishing scams are nothing new in the online security world and show no signs of subsiding. The scam starts when a fraudster sends a communication purporting to originate from a trusted provider and encourages the recipient, often with a conveyed sense of urgency, to click a link. That link leads to a fake site, usually intended to collect confidential login credentials or other personal information. In similar scams, the mail may encourage the recipient to open an attachment loaded with malicious content. more

As DENIC’s CEO Jörg Schweiger Prepares to Step Down, He Speaks About His Time at DENIC

In January Jörg Schweiger, DENIC's CTO from 2007 to 2014 and CEO since 2014, announced he was stepping down from his position in December. It's been quite a ride, and the domain name industry has evolved quite a lot. So we asked Jörg a few questions about his time with DENIC and the changes he's seen... he came up with some insightful views on why he thought new TLDs missed a great opportunity to do something with "innovative new business models," the importance of security to DENIC... more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

“It’s Always DNS!” Why DNS Is the Biggest Single Point of Failure in the New Norm

Many in the network security field may be familiar with the phrase: "It's always DNS."  This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more

Leaked Documents Reveal Xi Jinping’s Communist Chinese Plan to Control the Internet’s Root

Yesterday, The Epoch Times reported on leaked internal Chinese government documents revealing that premier Xi Jinping has "personally directed the communist regime to focus its efforts to control the global Internet, displacing the influential role of the United States." Xi's ultimate aim is for the Chinese Communist Party (CCP) to wield "discourse power" over communications and discussions on the global geopolitical stage by controlling content on the Internet. more

An Institute to Combat DNS Abuse

Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more

What Are the Connected Assets of Confirmed Fake FBI Domains?

Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more

3 Most Scary Attacks that Leaked Personally Identifiable Information (PII) of Millions of Users

Cybercriminals are increasingly targeting Personally Identifiable Information (PII). The reason being "data is the new gold" in this digital world, and the more sensitive some data is, the more value it has. There is no more sensitive data than personally identifiable information because it contains enough information to identify you digitally. Examples of personally identifiable information include name, email, contact number, address, social security number, tax file number, banking or financial information, and more such data that helps identify you. more

WHOIS Record Redaction and GDPR: What’s the Evolution Post-2018?

We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners. more